Chris Ries reported a heap-based buffer underflow in the
ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
parsing the request URI.

Impact

A remote attacker might send a specially crafted request URI to a nginx
server, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the server, or a Denial of
Service. NOTE: By default, nginx runs as the "nginx" user.